Everyone knows the rules of sending nude selfies: always delete the evidence! Unfortunately, that may not be enough. According to a new study, factory wiping your phone, which should delete all incriminating evidence, doesn’t necessarily work they way we had all hoped. A security firm says it uncovered hundreds of naked selfies on secondhand Android devices because “wipe” doesn’t actually erase data.

After studying twenty Android handsets, the security company Avast discovered that the “factory reset” button doesn’t delete data on the phones. That same data can be retrieved using standard forensic security tools. The researchers uncovered 40,000 photos including 750 photos of women in the buff and 250 of men sharing their nudes with others.

So why does this happen even after you think you’re in the clear? Well, as it turns out hitting the factory reset option wipes out the index that point to the locations in the storage where the data is written, not the actual data itself. By using forensic tools, Avast was able to reconstruct the files and see just how naughty you’ve been.

Google was quick to defend their products saying this study "looks to be based on older devices and versions [of Android] and does not reflect the security protections in Android versions that are used by 85% of users." However, that’s not all together true and new Android devices have a setting where the encryption of data is optional, thus, leaving new phones vulnerable as well.

Next time you send a nude, just remember, even though you delete it, someone can still get it back. Creepy.